Serial No. 10/502.309 
Amendments to the Claims 

1. (Currently amended) A method of securing messages exchanged over 
a data transmission network between a server (1) and a small client (2), 
the small client comprising a smart card or a mobile communication system, 
wherein the small client does not have the resources necessary for 
providing security functions, the method being performed under the control 
of an authority that defines message exchange rules, the method comprising 
providing control in a decentralized manner by a representative (3) of the 
authority, and setting up communication between the client and the server 
only via the representative of the authority. mifiU tM UpimUliU 6f 
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iiMU iHiUMi if vkiiiAtW wherein the client is connected to a network 
of the server only through the representative of the authority, and wherein 
the representative of the authority is used throughout all transactions 
established between the client and the server, and wherein the 
representative of the authority translates messages transmitted between the 
server and the client and applies verifications decided on by the authority 
to said transmitted messages. 

2. (Previously presented) The method according to claim 1, further 
comprising using a first protocol (P) for exchanges between the server (1) 
and the representative (3) of the authority, and using a second protocol 
(P") different from the first protocol (P) for exchanges between the 
representative (3) of the authority and the client (2). 
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3. (Previously presented) The method according to claim 1, further 
comprising: 

setting up a first secure channel (4) between the server (1) and the 
representative (3) of the authority, using a first key (Ks) known to the 
representative (3) of the authority and to the server (1) but not to the 
client (2), and using a first encryption algorithm (AL). and 

setting up a second secure channel (5) between the representative (3) 
of the authority and the client (2), using a second key (Kc) known to the 
representative (3) of the authority and to the client (2) but not to the 
server (1), and using a second encryption algorithm (AL'). 

4. (Currently amended) A device comprising a server (1) and a small 
client (2) that does not have the resources necessary for providing a 
security function, the small client comprising a smart card or a mobile 
communication system, the small client being under the control of an 
authority that defines message exchange rules, the device also comprising 
means for securing messages exchanged over a data transmission network 
between the server and the small client, the securing means comprising a 
decentralized control device or representative (3) of the authority, tM 
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wherein the client is connected to a network of the server only through the 
representative of the authority, and wherein the representative of the 
authority is used throughout all transactions established between the 

4 



client and the server to translate messages transmitted between the server 
and the client, and to apply verifications decided on by the authority to 
said transmitted messages. 

5. (Currently amended) The device according to claim 4, wherein the 
decentralized control device or representative (3) of the authority is a 
data processing microsystem secured by hardware/ i^i^fUi ^MiMMIf 

uum tu umt (v m m mm m mm tu mum iMumi^' 

6. (Previously presented) The device according to claim 5, wherein: 
the server (1) is a data processing system comprising an input -output 

port (la); 

the client (2) is a data processing microsystem comprising an input - 
output port (12); 

the representative (3) of the authority is a data processing 
microsystem secured by hardware and comprising an interface device (13); 

a dedicated interface system (7) is provided, comprising an input- 
output port (8) connected to the input -output port (la) of the server data 
processing system (1). comprising a card port (9) connected to the input- 
output port (12) of the client data processing microsystem (2). comprising 
an input -output port (10) connected to the interface device (13) of the 
representative (3) of the authority data processing microsystem, and 
comprising a controller (11) programmed to control communication between 
the input-output ports (8), (9) and (10); 

the controller (11) and the representative (3) of the authority are 
programmed so that: 

the server data processing system (1) sends a request A to the client 
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data processing microsystem (2), and that request is received by the 
controller (11); 

the controller (11) transmits the request A to the representative (3) 
of the authority, which sends it back a response Ra; 

the controller (11) uses that response Ra to calculate a request A' 
that is sent to the client data processing microsystem (2); 

the client data processing microsystem (2) processes the request A' to 
prepare a response B' ; 

the client data processing microsystem (2) sends the response B' to 
the server data processing system (1); that response is received by the 
controller (11); 

the controller (11) transmits the response B' to the representative 
(3) of the authority, which sends it back a response Rb; 

the controller (11) uses that response Rb to calculate a response B 
that is sent to the server data processing system (1). 

7. (Previously presented) The device according to claim 6, wherein: 
the client (2) is a first smart card; 

the representative (3) of the authority is a second smart card; 
the dedicated interface system is a smart card reader (7) comprising 
two card ports (9) and (10). 

8. (Previously presented) The device according to claim 6, wherein: 
the client (2) is a mobile communication system; 

the server (1) is a data processing system communicating with the 
client (2) via a physical connection or via a wireless communication 
network; 

the representative (3) of the authority is a smart card representing 
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the operator of the wireless communication network (known as the SIM card 
in telephones conforming to the GSM standard). 

9. (Previously presented) The device according to claim 6, wherein: 
the client (2) is a smart card; 

the representative (3) of the authority is a data processing system 
secured by hardware: 

the dedicated interface system (7) is a machine comprising a card port 
(9) and a dedicated input-output interface (10) for connection to the 
representative (3) of the authority data processing system. 



7 



